[jboss-user] [JBoss Portal] - Best practice: secure direct web app access

CarstenRudat do-not-reply at jboss.com
Thu Mar 20 05:22:51 EDT 2008


Hi all,

I'd like to know how I secure the access to a web app that runs as a portlet. I have the portlet secured by a <security-constraint> in the *-object.xml, but if I call http(s)://server:port/my-web-app-context-root/folder-in-war/resource I get the content delivered without being logged in.

Now, if I configure a <security-constraint> in my web.xml (with the same user role and security-domain as for the portlet), JBoss asks for a username and password (BASIC-auth). That's quite good, but it asks for a username and password for the portlet, too - even if I am logged in.

What are the best practices for that?

Thanks,
Carsten

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137977#4137977
